stable

wordpress-5.8.3-1.fc34

FEDORA-2022-e37e1e6c7a created by remi 2 years ago for Fedora 34

Security Updates

Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues (except where noted otherwise):

  • Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
  • Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
  • Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
  • Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-e37e1e6c7a

This update has been submitted for testing by remi.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago

remi edited this update.

2 years ago

remi edited this update.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago


Metadata
  Type: security
  Severity: medium
  Karma: 0
  Signed
  Content Type: RPM
  Test Gating

Settings
  Unstable by Karma: -3
  Stable by Karma: 3
  Stable by Time: 7 days

Dates
  submitted: 2 years ago
  in testing: 2 years ago
  in stable: 2 years ago
  modified: 2 years ago

  • BZ#2039301 CVE-2022-21661 wordpress: SQL injection via WP_Query
  • BZ#2039302 CVE-2022-21661 wordpress: SQL injection via WP_Query [fedora-all]
  • BZ#2039306 CVE-2022-21662 wordpress: stored XSS through authenticated users
  • BZ#2039307 CVE-2022-21662 wordpress: stored XSS through authenticated users [fedora-all]
  • BZ#2039312 CVE-2022-21663 wordpress: authenticated object injection in multisites
  • BZ#2039313 CVE-2022-21663 wordpress: authenticated object injection in multisites [fedora-all]
  • BZ#2039317 CVE-2022-21664 wordpress: SQL injection due to improper sanitization in WP_Meta_Query
  • BZ#2039318 CVE-2022-21664 wordpress: SQL injection due to improper sanitization in WP_Meta_Query [fedora-all]